For example, you might want to integrate with a third-party Calendar
service which requires OAuth 2.0 access tokens to read a user's scheduled events and
create events. Configure the Calendar service as a third-party OAuth provider. This
configuration allows you to get an access token from the Calendar service and then use
the token to make requests against the service from ServiceNow.

Procedure

Navigate to System OAuth > Application Registry and then click New.

On the interceptor page, click Connect to a third party OAuth
Provider and then fill in the form.

Field

Description

Name

A unique name that identifies the application to
access.

Client ID

The unique ID of the application. The instance uses the
client ID when requesting an access token. You must get the
client ID from the authorization server.

Client Secret

[Required] The shared secret string that the instance and
the application use to authorize communications with one
another. If you do not enter the correct client secret,
tokens are not issued.

OAuth API Script

An optional script that customizes the request and
response. The script name must have the prefix
OAuth.

Logo URL

The URL that contains an image to use as the application
logo.

Default Grant Type

The type of grant:

Authorization code: The code
that is granted to the client to obtain an access
token, which is then used to obtain access to the
resource. If you select this option, then you need
an authorization URL (the URL of the authorization
server).

Resource owner password
credentials: The user name and
password of the user that is trying to obtain access
to the resource.

Client Credentials: The
client ID and client secret, which are both used to
get the access token. This method does not provide
refresh tokens.

Refresh Token Lifespan

The refresh token lifespan in seconds.

Accessible from

The application scope that this registry is accessible
from.

Active

A check box that indicates that the application registry
is active.

Authorization URL

If you are using the authorization code grant type, the
URL of the endpoint to authorize the user. If you are
accessing another ServiceNow instance, append /oauth_auth.do to the
URL.

Token URL

The location of the token endpoint that the instance uses
to retrieve and refresh tokens. If you are accessing another
ServiceNow instance, append /oauth_token.do to the
URL.

Redirect URL

The application endpoint that receives the authorization
code. Leave the field empty to have the instance
auto-generate the URL. If you are accessing another ServiceNow instance, append /oauth_redirect.do to
the URL.

Token Revocation URL

The location of the endpoint that the instance uses to
revoke the token. If you are accessing another instance,
append /oauth_revoke.do to the URL.

Comments

Additional information to associate with the
application.

Embedded
lists

OAuth Entity Profiles

The profiles that are associated with the OAuth provider.
The profile includes the grant type. Click the profile name
to go to the OAuth Entity Profile form.

OAuth Entity Scopes

The entity scopes associated with the OAuth provider. The
scope identifies the services the application has access to.
Click the scope name to go to the OAuth Entity Scope form.

Click Submit. The record is saved in the Application
Registries [oauth_entity] table.

The system creates a record in the Application Registries [oauth_entity] table
of type OAuth Provider. The instance also auto-generates a default
profile using the specified grant type, but without any scopes.